On Mon, Jan 12, 2015 at 1:48 PM, Ciaran McCreesh <ciaran.mccre...@googlemail.com> wrote:
> On Mon, 12 Jan 2015 19:44:46 +0100
> Kristian Fiskerstrand <k...@gentoo.org> wrote:
>> Shor's would be effective against discrete logs (including ECC) as
>> well, so wouldn't be applicable to this selection. For post-quantum
>> asymmetric crypto we'd likely need e.g. a lattice based primitive.
>
> We're not post-quantum, and if we were no-one knows how anything would
> do anyway... Why not stick to threats that actually exist?

For the same reason that we don't deploy 1024-bit RSA keys? Also, you wouldn't necessarily know if we were post-quantum or not. Nobody made the claim that nobody should ever use RSA, just that this is an area of concern.

--
Rich